Apologies if this from SANS has gone out on the list already. It seems very significant: --22 October 2002 DDoS Attack Targets The Core of The Internet The thirteen root name servers, effectively the master directory for the Internet, were subjected to a large-scale distributed denial of service attack on Monday evening. According to Internet Software Consortium Inc. Chairman Paul Vixie, only four withstood the attack. Redundancy designed into the Internet in the system allowed most traffic to get to its intended destination without delay. http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html [Editor's Note (Paller): The only way to stop such attacks is to fix the vulnerabilities on the machines that would ultimately get taken over and used to launch the attacks. There's no defense once the machines are under the attacker's control. If organizations have not established vulnerability identification and remediation program for all their systems - even the "unimportant" ones - it won't be long before their foot dragging will subject them to economic liability and community contempt for their negligence.]
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 09:28:46 PDT